TMCnet FEATURE

TMCNET eNEWSLETTER SIGNUP

Calling All Cryptographers and Hackers of Good Will - Help Wanted to Defeat Gauss Virus

For those you who may not have been following it, there is a newly discovered super virus called “Gauss” on the loose and thus far it has defied inoculation. As a result, the call has gone out worldwide to cryptographers and others who like a good challenge to help defeat this one from the sleuths at Kaspersky Labs, who has been tracking this nasty boy for weeks prior to its revelation of its existence a few days ago.

A brief recap

Gauss is extremely complex malware which features a wide-variety of information stealing capabilities. Back in May, Kaspersky first took notice and since then it has found more than 2,500 Gauss-related infections with the majority in the Middle East —predominantly in Lebanon, the Palestinian Territories and Iran. While first thought to be aimed at the bank accounts of those involved in funding combatants in the Syrian uprising because of the malware’s ability to capture website passwords, online banking account credentials and system configuration data. However, experts now believe this is more about tracking individual targets than stealing online banking passwords. The company also thinks that like the vicious Flame, Duqu and Stuxnet malware before it, Gauss is state-sponsored activity.

Gauss’s secret encrypted payload is housed in the USAB data-stealing modules of targets. What concerns those working on a cure is both the extreme care taken by its authors to hide the payload which they conclude means the targets a high-profile, and that the size of the payload indicates that it could be used for a series of bad things including cyber-sabotage.

Where do we stand and why the call to action?

Reports are that the good guys have made some progress in analyzing the architecture of Gauss, but the payload encryption remains unbroken which has hastened the call for help by cryptographers. As noted in various stories on the subject, researchers think the hidden binary blob, when decrypted and executed, looks for a program specifically named using an extended character set, such as Arabic or Hebrew. Unfortunately, figuring out what that program might do cannot be determined without first breaking the encryption.

This safe needs to be unlocked and fast. Kaspersky is asking for those with skills and interest to help them find the decryption keys to unlock the payload and have posted a blog with a technical description as part of its SOS (News - Alert).

In the past, such calls for help worked. For example, the mystery language used to create Duqu was quickly uncovered quickly and turned out to be nothing more than Object-Oriented C. One can only assume that the Gauss creators learned from this, and that Gauss is not going to be easy to defeat.

With so many great minds now working the problem there is reason to hope this gets cracked quickly. We will be sure to bring you an update when it becomes available.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.